flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-06-12 02:16:12 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: flywithu:master
Branches Tags
flywithu:master
flywithu:pipeline
flywithu:task/zpushconfigure
flywithu:Debian_Stretch
flywithu:webapp/3.4.25.1929
flywithu:zpush/2.4.5
flywithu:base/1541507972
flywithu:core/8.6.8.0-0
flywithu:core/8.7.80.27_0
flywithu:webapp/3.4.23.1909
flywithu:base/1541503189
flywithu:base/1541057013
flywithu:core/8.7.80.27
flywithu:webapp/3.4.24.1914
flywithu:base/1539951011
flywithu:webapp/3.4.23.1896
flywithu:base/1539855171
flywithu:webapp/3.4.23.1881
flywithu:core/8.6.82.110
flywithu:core/8.6.82.0
flywithu:webapp/3.4.23.1823
flywithu:base/1539669042
...
compare: flywithu:base/1541057013
Branches Tags
flywithu:master
flywithu:pipeline
flywithu:task/zpushconfigure
flywithu:Debian_Stretch
flywithu:webapp/3.4.25.1929
flywithu:zpush/2.4.5
flywithu:base/1541507972
flywithu:core/8.6.8.0-0
flywithu:core/8.7.80.27_0
flywithu:webapp/3.4.23.1909
flywithu:base/1541503189
flywithu:base/1541057013
flywithu:core/8.7.80.27
flywithu:webapp/3.4.24.1914
flywithu:base/1539951011
flywithu:webapp/3.4.23.1896
flywithu:base/1539855171
flywithu:webapp/3.4.23.1881
flywithu:core/8.6.82.110
flywithu:core/8.6.82.0
flywithu:webapp/3.4.23.1823
flywithu:base/1539669042

20 Commits
master ... base/15410

Author SHA1 Message Date
Felix Bartels
c8096b9a8f make it possible to install additional packages at runtime and not only during build 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-11-01 08:37:50 +01:00
Felix Bartels
2043b94062 update todo 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-23 09:45:54 +02:00
Felix Bartels
098ff5208c add a link to the project into gencerts.sh 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-23 09:45:21 +02:00
Felix Bartels
8db1dc5488 make webapp container start 
first start with caddyfile

Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-22 12:13:10 +02:00
Felix Bartels
51af427dce add demo ldap data from https://github.com/tomav/docker-mailserver/tree/master/test/docker-openldap 2018-10-22 10:06:42 +02:00
Felix Bartels
6773927116 reolace until loop with dockerize as well 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-20 09:07:21 +02:00
Felix Bartels
92b6e0da10 update docker-file 
while it did not work out to depend in the health status of mysql for the start of kopano-server, its nevertheless an interesting value. since the dockerfile does not include an automatic healcheak, add it to the compose file.

Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-19 16:48:19 +02:00
Felix Bartels
0bd6886b47 use dockerize to wait for mysql to start up 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-19 16:47:51 +02:00
Felix Bartels
b381a29859 add dockerize to base image 2018-10-19 16:47:32 +02:00
Felix Bartels
d08b00375c tuning of ssl settings 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-19 15:19:04 +02:00
Felix Bartels
5d838d2194 wait with kopano-server startup until ssl certificates are present 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-19 15:18:29 +02:00
Felix Bartels
b608aa59f5 also build ssl helper container 
fix creation of folders when ssl helper is run with mounted dirs
 2018-10-19 15:17:59 +02:00
Felix Bartels
a3315f61c9 do not ignore ssl dir 2018-10-19 15:17:07 +02:00
Felix Bartels
a183ac1f8d make committing of components always succeed 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-18 18:18:40 +02:00
Felix Bartels
a656ddb8f5 refine tagging a bit 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-18 18:10:59 +02:00
Felix Bartels
a2511f4f44 ci: commit changes before tagging 2018-10-18 14:33:48 +02:00
Felix Bartels
0b686587c2 Merge branch 'master' into compose 2018-10-18 14:32:58 +02:00
Felix Bartels
c44017b3e3 Merge branch 'master' into compose 2018-10-18 14:28:03 +02:00
Felix Bartels
c08bdfc6a9 docker-compose 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-17 22:55:12 +02:00
Felix Bartels
5523f4c984 wip: try to get some inspiration from https://www.davd.eu/byecloud-building-a-mailserver-with-modern-webmail/ for the compose example 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
 2018-10-17 08:46:58 +02:00
17 changed files with 629 additions and 204 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -2,4 +2,4 @@
**/.vscode **/.vscode
*.yml *.yml
docker-compose.yml docker-compose.yml
certs/* data/*

0
Caddyfile
View File

14
Makefile
View File

@ -11,7 +11,7 @@ webapp_download_version = $(shell ./version.sh webapp)
COMPONENT = $(shell echo $(component) | tr a-z A-Z) COMPONENT = $(shell echo $(component) | tr a-z A-Z)
build-all: build-base build-core build-webapp build-all: build-ssl build-base build-core build-webapp
build: component ?= base build: component ?= base
build: build:
@ -26,12 +26,16 @@ build-core:
build-webapp: build-webapp:
component=webapp make build component=webapp make build
build-ssl:
docker build -t $(docker_repo)/kopano_ssl ssl/
tag: component ?= base tag: component ?= base
tag: tag:
@echo 'create tag $($(component)_version)' @echo 'create tag $($(component)_version)'
docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version} docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version}
@echo 'create tag latest' @echo 'create tag latest'
docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest
git commit -m 'ci: committing changes for $(component)' -- $(component) || true
git tag $(component)/${$(component)_version} || true git tag $(component)/${$(component)_version} || true
tag-base: tag-base:
@ -43,14 +47,11 @@ tag-core:
tag-webapp: tag-webapp:
component=webapp make tag component=webapp make tag
git-commit:
git add -A && git commit -m "ci: commit changes before tagging"
# Docker publish # Docker publish
repo-login: repo-login:
docker login -u $(docker_login) -p $(docker_pwd) docker login -u $(docker_login) -p $(docker_pwd)
publish: git-commit repo-login publish-base publish-core publish-webapp publish: repo-login publish-ssl publish-base publish-core publish-webapp
git push git push
git push origin --tags git push origin --tags
@ -68,3 +69,6 @@ publish-core: build-core tag-core
publish-webapp: build-webapp tag-webapp publish-webapp: build-webapp tag-webapp
component=webapp make publish-container component=webapp make publish-container
publish-ssl: build-ssl
docker push $(docker_repo)/kopano_ssl:latest

3
base/Dockerfile
View File

@ -31,6 +31,9 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
dpkg-reconfigure --frontend=noninteractive locales && \ dpkg-reconfigure --frontend=noninteractive locales && \
update-locale LANG=en_US.UTF-8 update-locale LANG=en_US.UTF-8
ENV DOCKERIZE_VERSION v0.6.1
RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin
ARG ADDITIONAL_KOPANO_PACKAGES="" ARG ADDITIONAL_KOPANO_PACKAGES=""
ARG DOWNLOAD_COMMUNITY_PACKAGES=1 ARG DOWNLOAD_COMMUNITY_PACKAGES=1
ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core" ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"

19
core/start-service.sh
View File

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script set -eu # unset variables are errors & non-zero return values exit the whole script
if [ ! -e /kopano/$SERVICE_TO_START.py ] if [ ! -e /kopano/$SERVICE_TO_START.py ]
@ -8,6 +10,13 @@ then
exit 1 exit 1
fi fi
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
apt --assume-yes install $installpkg;
fi
done
mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
echo "Configure core service '$SERVICE_TO_START'" | ts echo "Configure core service '$SERVICE_TO_START'" | ts
@ -17,8 +26,8 @@ echo "Set ownership" | ts
chown -R kopano:kopano /run /tmp chown -R kopano:kopano /run /tmp
chown kopano:kopano /kopano/data/ /kopano/data/attachments chown kopano:kopano /kopano/data/ /kopano/data/attachments
echo "Clean old pid files and sockets" | ts #echo "Clean old pid files and sockets" | ts
rm -f /var/run/kopano/* #rm -f /var/run/kopano/*
# allow helper commands given by "docker-compose run" # allow helper commands given by "docker-compose run"
if [ $# -gt 0 ] if [ $# -gt 0 ]
@ -30,6 +39,12 @@ fi
# start regular service # start regular service
case "$SERVICE_TO_START" in case "$SERVICE_TO_START" in
server) server)
# TODO needs to be extended for the other services and certificates
dockerize \
-wait file://$KCCONF_SERVER_SERVER_SSL_CA_FILE \
-wait file://$KCCONF_SERVER_SERVER_SSL_KEY_FILE \
-wait tcp://db:3306 \
-timeout 360s
exec /usr/sbin/kopano-server -F exec /usr/sbin/kopano-server -F
;; ;;
dagent) dagent)

276
docker-compose.yml-example
View File

@ -1,189 +1,44 @@
version: '3' version: "3"
services: services:
web:
kserver: image: abiosoft/caddy:0.10.4
image: zokradonh/kopano_core:${CORE_VERSION} restart: always
hostname: kserver privileged: true
container_name: kopano_server
links: links:
- db - kwebapp
depends_on: #- kzpush
- "kssl" ports:
environment: - "10080:80"
- SERVICE_TO_START=server - "10443:443"
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
volumes: volumes:
- data:/kopano/data - ./web/Caddyfile:/etc/Caddyfile
- sslcerts:/kopano/ssl - ./data/web:/root/.caddy
kdagent: mail:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
kgateway:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kserver
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet
ksearch:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet
kspooler:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kwebapp:
image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
#ports:
# - "8236:80"
# - "8237:443"
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
networks:
- web
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl
kmta:
image: tvial/docker-mailserver:latest image: tvial/docker-mailserver:latest
hostname: myhost #change here restart: always
domainname: domain.tld #change here hostname: mail
#dns: 127.0.0.1 domainname: kopano.demo # change here
container_name: kopano_mta container_name: mail
#links:
# - adtunnel
ports: ports:
- "25:25" - "25:25"
# - "143:143"
# - "587:587"
# - "993:993"
volumes: volumes:
- tmpmaildata:/var/mail - ./data/mail/data:/var/mail
- tmpmailstate:/var/mail-state - ./data/mail/state:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir - ./mail/config:/tmp/docker-mailserver/
#- ./data/web/acme-v01.api.letsencrypt.org/sites/mail.kopano.demo:/tmp/ssl:ro
environment: environment:
- TZ=Europe/Berlin - TZ=Europe/Berlin
- ENABLE_SPAMASSASSIN=1 - ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1 - ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1 - ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1 - ENABLE_POSTGREY=1
- TLS_LEVEL=intermediate - ONE_DIR=0
- POSTGREY_DELAY=10
- ONE_DIR=1
- DMS_DEBUG=0 - DMS_DEBUG=0
- SSL_TYPE=manual
- SSL_CERT_PATH=/tmp/ssl/mail.kopano.demo.crt
- SSL_KEY_PATH=/tmp/ssl/mail.kopano.demo.key
- ENABLE_LDAP=1 - ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
@ -212,31 +67,88 @@ services:
- NET_ADMIN - NET_ADMIN
- SYS_PTRACE - SYS_PTRACE
# TODO find good example ldap container
db: db:
image: mariadb image: mariadb:10.3.10-bionic
restart: always restart: always
container_name: kopano_db container_name: kopano_db
volumes: volumes:
- db:/var/lib/mysql - ./data/mysql/:/var/lib/mysql
environment: environment:
- MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- MYSQL_PASSWORD=YOUR_PASSWORD #change here - MYSQL_PASSWORD=YOUR_PASSWORD #change here
- MYSQL_DATABASE=kopano - MYSQL_DATABASE=kopano
- MYSQL_USER=kopano - MYSQL_USER=kopano
healthcheck:
test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
interval: 30s
timeout: 10s
retries: 4
networks: networks:
- kopanonet - kopanonet
kwebapp:
image: zokradonh/kopano_webapp:latest
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
volumes:
- ./data/z-push-states/:/var/lib/z-push/
- ./ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- TZ=Europe/Berlin
#- ADDITIONAL_KOPANO_PACKAGES=kopano-webapp-plugin-mattermost
networks:
- web
- kopanonet
volumes: kssl:
db: image: zokradonh/kopano_ssl
data: container_name: kopano_ssl
syncstates: volumes:
sslcerts: - ./data/ssl/:/kopano/ssl
tmpmaildata:
tmpmailstate: kserver:
image: zokradonh/kopano_core:latest
hostname: kserver
container_name: kopano_server
links:
- db
depends_on:
- db
- kssl
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
#- ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap
networks:
- kopanonet
volumes:
- ./data/kopano/:/kopano/data
- ./data/ssl/:/kopano/ssl
networks: networks:
web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy) web:
external:
name: haproxy_webrproxynet
kopanonet: kopanonet:
driver: bridge driver: bridge

298
docker-compose.yml-wip Normal file
View File

@ -0,0 +1,298 @@
version: '3'
services:
kserver:
image: zokradonh/kopano_core:${CORE_VERSION}
hostname: kserver
container_name: kopano_server
links:
- db
depends_on:
- "kssl"
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
volumes:
- data:/kopano/data
- sslcerts:/kopano/ssl
kdagent:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
kgateway:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kserver
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet
ksearch:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet
kspooler:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kwebapp:
image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
#ports:
# - "8236:80"
# - "8237:443"
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
networks:
- web
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl
kmta:
image: tvial/docker-mailserver:latest
hostname: myhost #change here
domainname: domain.tld #change here
#dns: 127.0.0.1
container_name: kopano_mta
#links:
# - adtunnel
ports:
- "25:25"
# - "143:143"
# - "587:587"
# - "993:993"
volumes:
- tmpmaildata:/var/mail
- tmpmailstate:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
environment:
- TZ=Europe/Berlin
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- TLS_LEVEL=intermediate
- POSTGREY_DELAY=10
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
- LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
- LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
- ENABLE_SASLAUTHD=1
- SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
- SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
- SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
- SASLAUTHD_MECHANISMS=ldap
- POSTMASTER_ADDRESS=postmaster@domain.tld #change here
- SMTP_ONLY=1
- PERMIT_DOCKER=network
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- POSTFIX_DAGENT=lmtp:kdagent:2003
- REPORT_RECIPIENT=1
networks:
- kopanonet
cap_add:
- NET_ADMIN
- SYS_PTRACE
db:
image: mariadb
restart: always
container_name: kopano_db
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- MYSQL_PASSWORD=YOUR_PASSWORD #change here
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
networks:
- kopanonet
volumes:
db:
data:
syncstates:
sslcerts:
tmpmaildata:
tmpmailstate:
networks:
web:
external:
driver: default
kopanonet:
driver: bridge
version: "3"
services:
rainloop:
image: hardware/rainloop
links:
- mail
volumes:
- ./data/rainloop:/rainloop/data
mail:
image: tvial/docker-mailserver:latest
restart: always
hostname: mail
domainname: fancydomain.tld
container_name: mail
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
- "4190:4190"
volumes:
- ./data/mail/data:/var/mail
- ./data/mail/state:/var/mail-state
- ./mail/config:/tmp/docker-mailserver/
- ./data/entry/acme/acme-v01.api.letsencrypt.org/sites/mail.fancydomain.tld:/tmp/ssl:ro
environment:
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_MANAGESIEVE=1
- SSL_TYPE=manual
- SSL_CERT_PATH=/tmp/ssl/mail.fancydomain.tld.crt
- SSL_KEY_PATH=/tmp/ssl/mail.fancydomain.tld.key
cap_add:
- NET_ADMIN
entry:
image: abiosoft/caddy:0.10.4
restart: always
privileged: true
links:
- rainloop
ports:
- "80:80"
- "443:443"
volumes:
- ./entry/Caddyfile:/etc/Caddyfile
- ./data/entry:/root/.caddy

5
ldap/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
FROM osixia/openldap:1.1.6
MAINTAINER Dennis Stumm <dstumm95@gmail.com>
ADD bootstrap /container/service/slapd/assets/config/bootstrap
RUN rm /container/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema

5
ldap/bootstrap/ldif/01_mail-tree.ldif Normal file
View File

@ -0,0 +1,5 @@
dn: ou=people,dc=localhost,dc=localdomain
changetype: add
objectClass: organizationalUnit
objectClass: top
ou: people

25
ldap/bootstrap/ldif/02_user-email.ldif Normal file
View File

@ -0,0 +1,25 @@
# --------------------------------------------------------------------
# Create mail accounts
# --------------------------------------------------------------------
# Some User
dn: uniqueIdentifier=some.user,ou=people,dc=localhost,dc=localdomain
changetype: add
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: PostfixBookMailAccount
objectClass: extensibleObject
cn: Some User
givenName: User
mail: some.user@localhost.localdomain
mailAlias: postmaster@localhost.localdomain
mailGroupMember: employees@localhost.localdomain
mailEnabled: TRUE
mailGidNumber: 5000
mailHomeDirectory: /var/mail/localhost.localdomain/some.user/
mailQuota: 10240
mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.user/
mailUidNumber: 5000
sn: Some
uniqueIdentifier: some.user
userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx

25
ldap/bootstrap/ldif/03_user-email-other-primary-domain.ldif Normal file
View File

@ -0,0 +1,25 @@
# --------------------------------------------------------------------
# Create mail accounts
# --------------------------------------------------------------------
# Some User
dn: uniqueIdentifier=some.other.user,ou=people,dc=localhost,dc=localdomain
changetype: add
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: PostfixBookMailAccount
objectClass: extensibleObject
cn: Some Other User
givenName: Other User
mail: some.other.user@localhost.otherdomain
mailAlias: postmaster@localhost.otherdomain
mailGroupMember: employees@localhost.otherdomain
mailEnabled: TRUE
mailGidNumber: 5000
mailHomeDirectory: /var/mail/localhost.localdomain/some.other.user/
mailQuota: 10240
mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.other.user/
mailUidNumber: 5000
sn: Some
uniqueIdentifier: some.other.user
userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx

23
ldap/bootstrap/ldif/04_user-email-different-uid.ldif Normal file
View File

@ -0,0 +1,23 @@
# --------------------------------------------------------------------
# Create mail accounts
# --------------------------------------------------------------------
# Some User
dn: uniqueIdentifier=some.user.id,ou=people,dc=localhost,dc=localdomain
changetype: add
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: PostfixBookMailAccount
objectClass: extensibleObject
cn: Some User
givenName: User
mail: some.user.email@localhost.localdomain
mailEnabled: TRUE
mailGidNumber: 5000
mailHomeDirectory: /var/mail/localhost.localdomain/some.user.id/
mailQuota: 10240
mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.user.id/
mailUidNumber: 5000
sn: Some
uniqueIdentifier: some.user.id
userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx

70
ldap/bootstrap/schema/mmc/postfix-book.schema Normal file
View File

@ -0,0 +1,70 @@
# $Id$
#
# State of Mind
# Private Enterprise Number: 29426
#
# OID prefix: 1.3.6.1.4.1.29426
#
# Attributes: 1.3.6.1.4.1.29426.1.10.x
#
attributetype ( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory'
DESC 'The absolute path to the mail user home directory'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias'
DESC 'RFC822 Mailbox - mail alias'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber'
DESC 'UID required to access the mailbox'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber'
DESC 'GID required to access the mailbox'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled'
DESC 'TRUE to enable, FALSE to disable account'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember'
DESC 'Name of a mail distribution list'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota'
DESC 'Mail quota limit in kilobytes'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory'
DESC 'The absolute path to the mail users mailbox'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
#
# Objects: 1.3.6.1.4.1.29426.1.2.2.x
#
objectclass ( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount'
SUP top AUXILIARY
DESC 'Mail account used in Postfix Book'
MUST ( mail )
MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember
$ mailUidNumber $ mailGidNumber $ mailEnabled
$ mailQuota $mailStorageDirectory ) )
objectclass ( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForward'
SUP top AUXILIARY
DESC 'Mail forward used in Postfix Book'
MUST ( mail $ mailAlias ))

9
ssl/gencerts.sh Normal file → Executable file
View File

@ -1,9 +1,12 @@
#!/bin/sh #!/bin/sh
# https://github.com/google/easypki
# TODO integrate this directly into start.sh?
echo "Creating CA and Server certificates..." echo "Creating CA and Server certificates..."
easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System" mkdir -p /kopano/ssl/clients/
cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem
for s in kserver kdagent kmonitor ksearch kspooler kwebapp for s in kserver kdagent kmonitor ksearch kspooler kwebapp
@ -14,4 +17,4 @@ for s in kserver kdagent kmonitor ksearch kspooler kwebapp
openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem
done done
ls -l /kopano/ssl/*.pem ls -l /kopano/ssl/*.pem

5
ssl/start.sh Normal file → Executable file
View File

@ -1,8 +1,7 @@
#!/bin/sh #!/bin/sh
if [ -f /kopano/ssl/ca.pem ]; then
if [ -f /kopano/ssl/ca.pem ] exit 0
then exit 0
fi fi
/gencerts.sh /gencerts.sh

11
web/Caddyfile Normal file
View File

@ -0,0 +1,11 @@
webapp.kopano.demo {
tls self_signed
redir / /webapp
proxy /webapp kwebapp:80 {
transparent
websocket
}
}

43
webapp/start.sh
View File

@ -1,20 +1,47 @@
#!/bin/bash #!/bin/bash
# define default value for serverhostname and serverport if not passed into container
KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1}
KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-237}
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script set -eu # unset variables are errors & non-zero return values exit the whole script
echo "Ensure directories" [ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
mkdir -p /run/sessions /tmp/webapp [ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
apt --assume-yes install $installpkg;
fi
done
echo "Configure webapp" echo "Ensure directories"
sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \ mkdir -p /run/sessions /tmp/webapp
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Kopano WebApp is using the default: connection"
else
echo "Kopano WebApp is using an ip connection"
sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
-i /etc/kopano/webapp/config.php
fi
# TODO is enabling this really neccesary when reverse proxying webapp?
echo "Configuring Kopano WebApp for use behind a reverse proxy"
sed \
-e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \ -e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \
-i /etc/kopano/webapp/config.php -i /etc/kopano/webapp/config.php
echo "Configure z-push" if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \ echo "Z-Push is using the default: connection"
-i /etc/z-push/kopano.conf.php else
echo "Z-Push is using an ip connection"
sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
-i /etc/z-push/kopano.conf.php
fi
echo "Configuring Z-Push for use behind a reverse proxy"
sed -e "s#define([\"']USE_CUSTOM_REMOTE_IP_HEADER[\"'],\s*false)#define('USE_CUSTOM_REMOTE_IP_HEADER', true)#" \ sed -e "s#define([\"']USE_CUSTOM_REMOTE_IP_HEADER[\"'],\s*false)#define('USE_CUSTOM_REMOTE_IP_HEADER', true)#" \
-i /etc/z-push/z-push.conf.php -i /etc/z-push/z-push.conf.php
echo "Ensure config ownership" echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions /tmp/webapp chown -R www-data:www-data /run/sessions /tmp/webapp